Drawing upon decades of experience, RAND provides research services, systematic analysis, and innovative thinking to a global clientele that includes government agencies, foundations, and private-sector firms.

The Pardee RAND Graduate School (PRGS.edu) is the largest public policy Ph.D. program in the nation and the only program based at an independent public policy research organization—the RAND Corporation.

Purchase

Purchase Print Copy

When defending an organization against cyberattacks, cybersecurity professionals are faced with the dilemma of selecting from a large set of cybersecurity defensive measures while operating with a limited set of resources with which to employ the measures. Engaging in this selection process is not easy and can be overwhelming. Furthermore, the challenge is exacerbated by the fact that many cybersecurity strategies are presented as itemized lists, with few hints at how to position a given action within the space of alternative actions. This report aims to address these difficulties by explaining the menu of actions for defending an organization against cyberattack and recommending an approach for organizing the range of actions and evaluating cybersecurity defensive activities.

This report is part of the RAND Corporation tool series. RAND tools may include models, databases, calculators, computer code, GIS mapping tools, practitioner guidelines, web applications, and various toolkits. All RAND tools undergo rigorous peer review to ensure both high data standards and appropriate methodology in keeping with RAND's commitment to quality and objectivity.

Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.

The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest.